Re: [PATCH 5.4 0/2] bpf, mips: fix CVE-2021-38300

On Fri, Oct 08, 2021 at 04:50:57PM +0300, Ovidiu Panait wrote:
> 5.2 upstream commit 716850ab104d ("MIPS: eBPF: Initial eBPF support for MIPS32
> architecture.") introduced eBPF JIT support for MIPS32 and removed the cBPF JIT
> interface. However, it was subsequently reverted by the following commits,
> bringing back the old cBPF JIT implementation:
>     f8fffebdea75 ("MIPS: BPF: Disable MIPS32 eBPF JIT")
>     36366e367ee9 ("MIPS: BPF: Restore MIPS32 cBPF JIT")
> 
>     From 36366e367ee9 ("MIPS: BPF: Restore MIPS32 cBPF JIT") commit message:
>     """
>     ...
>     Until these problems are resolved, revert the removal of the cBPF JIT
>     performed by commit 716850ab104d ("MIPS: eBPF: Initial eBPF support for
>     MIPS32 architecture."). Together with commit f8fffebdea75 ("MIPS: BPF:
>     Disable MIPS32 eBPF JIT") this restores MIPS32 BPF JIT behavior back to
>     the same state it was prior to the introduction of the broken eBPF JIT
>     support.
>     """
> 
> In 5.4, only f8fffebdea75 ("MIPS: BPF: Disable MIPS32 eBPF JIT") was
> backported. This patch series re-enables cBPF JIT support by backporting the
> second part of the 716850ab104d ("MIPS: eBPF: Initial eBPF support for MIPS32
> architecture.") revert and also fixes CVE-2021-38300. Both patches are clean
> cherry-picks.
> 
> The testcase specified in 37cb28ec7d3a ("bpf, mips: Validate conditional
> branch offsets") commit message now passes in qemu:
> 
> Before:
> -------
> root@qemumips:~# echo 1 > /proc/sys/net/core/bpf_jit_enable
> root@qemumips:~# modprobe test_bpf test_name="BPF_MAXINSNS: exec all MSH"
> [   58.577385] test_bpf: #296 BPF_MAXINSNS: exec all MSH 
> [   58.579267] ------------[ cut here ]------------
> [   58.603827] WARNING: CPU: 0 PID: 166 at arch/mips/mm/uasm-mips.c:210 build_insn+0x4e8/0x520
> [   58.605354] Micro-assembler field overflow
> [   58.606585] Modules linked in: test_bpf(+) i2c_piix4 sch_fq_codel openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
> [   58.608979] CPU: 0 PID: 166 Comm: modprobe Not tainted 5.4.151-yocto-standard+ #3
> [   58.610838] Stack : 00000000 00000000 0000010e 1000a400 80f90000 00000045 0000010f 801978cc
> [   58.612647]         80c40000 0000000b 00000000 00000000 80e051d8 1000a400 8d119950 ffffffff
> [   58.615304]         00000000 00000000 81030000 0000010f 00000000 00000000 00000000 0000ffff
> [   58.617685]         00000000 00000000 00000001 0000010f 00000000 80e60000 00000000 80000000
> [   58.618968]         8d119a8c 00000000 80130000 c0064000 00000000 807742f4 00000001 003871d7
> [   58.620309]         ...
> [   58.621313] Call Trace:
> [   58.622310] [<8010e748>] show_stack+0xb4/0x17c
> [   58.623612] [<80b90cbc>] dump_stack+0xa0/0xcc
> [   58.624755] [<80134a90>] __warn+0xcc/0x11c
> [   58.626008] [<80b85ec0>] warn_slowpath_fmt+0x8c/0xb8
> [   58.629175] [<80121a18>] build_insn+0x4e8/0x520
> [   58.630225] [<80121ba4>] uasm_i_bne+0x1c/0x28
> [   58.687860] [<8012d3a4>] build_body+0x6b8/0x2f38
> [   58.740612] [<8012fd38>] bpf_jit_compile+0x114/0x1e4
> [   58.793484] [<809cb584>] bpf_prepare_filter+0x2b0/0x464
> [   58.843345] [<809cb7b8>] bpf_prog_create+0x80/0xc0
> [   58.894788] [<c00572d8>] test_bpf_init+0x2d8/0xcf8 [test_bpf]
> [   58.946096] [<80100e50>] do_one_initcall+0x54/0x2c4
> [   58.992934] [<801d9850>] do_init_module+0x64/0x240
> [   59.042867] [<801dbc84>] load_module+0x2180/0x27fc
> [   59.093033] [<801dc568>] sys_finit_module+0xe8/0x100
> [   59.142974] [<80117304>] syscall_common+0x34/0x58
> [   59.823417] ---[ end trace af3af640ae837a28 ]---
> 
> After:
> ------
> root@qemumips:~# echo 1 > /proc/sys/net/core/bpf_jit_enable
> root@qemumips:~# modprobe test_bpf test_name="BPF_MAXINSNS: exec all MSH"
> [  215.882154] test_bpf: #296 BPF_MAXINSNS: exec all MSH jited:0 667558 PASS
> [  216.618220] test_bpf: Summary: 1 PASSED, 0 FAILED, [0/1 JIT'ed]
> 
> Paul Burton (1):
>   MIPS: BPF: Restore MIPS32 cBPF JIT
> 
> Piotr Krysiuk (1):
>   bpf, mips: Validate conditional branch offsets
> 
>  arch/mips/Kconfig           |    1 +
>  arch/mips/net/Makefile      |    1 +
>  arch/mips/net/bpf_jit.c     | 1299 +++++++++++++++++++++++++++++++++++
>  arch/mips/net/bpf_jit_asm.S |  285 ++++++++
>  4 files changed, 1586 insertions(+)
>  create mode 100644 arch/mips/net/bpf_jit.c
>  create mode 100644 arch/mips/net/bpf_jit_asm.S

All now queued up, thanks.

greg k-h
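The "Micro-assembler field overflow" warning in the Before log is uasm refusing to fit the displacement of a bne into the branch's 16-bit immediate, and the fix queued here validates those offsets before the JIT emits anything. The C below is an added example written for this page; it is not the kernel's bpf_jit.c and not code from this thread. It models the check: lay out a constructed cBPF-like program, compute every conditional branch's displacement the way a MIPS branch encodes it (a signed 16-bit word count measured from the delay slot, so byte offsets in [-0x20000, 0x1ffff], which is this example's assumption about the encoding), refuse the program with -E2BIG when a displacement does not fit, and map that verdict to the JIT-or-interpreter outcome that shows up as "jited:0" in the After log. The struct insn record, the per-instruction native word counts, the placement of the branch as the last emitted word, and the helper names are all the example's own assumptions.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Editor's model, not kernel code. MIPS I-type conditional branches (bne,
 * beq, ...) carry a signed 16-bit displacement counted in 32-bit words from
 * the instruction after the branch, so the reachable byte range is
 * [-0x20000, 0x1ffff] (assumed from the ISA encoding). A displacement
 * outside that range cannot be encoded; the micro-assembler only warns
 * ("Micro-assembler field overflow") and the field is truncated.
 */
#define BRANCH_MAX_BYTES   0x1ffff
#define BRANCH_MIN_BYTES   (-0x20000)

/* Hypothetical instruction record: how many native words the JIT emits for
 * it and, for branches, the absolute BPF index it jumps to. Index n (one
 * past the last insn) means the epilogue, the usual target of the JIT's
 * bounds-check branches. */
struct insn {
	uint8_t  words;
	bool     branch;
	uint32_t target;
};

static bool is_bad_offset(int32_t b_off)
{
	return b_off > BRANCH_MAX_BYTES || b_off < BRANCH_MIN_BYTES;
}

/* native_off[i] = byte offset where the code for BPF insn i starts;
 * native_off[n] = byte offset of the epilogue. Caller sizes it n + 1. */
static void layout(const struct insn *prog, size_t n, uint32_t *native_off)
{
	uint32_t off = 0;

	for (size_t i = 0; i < n; i++) {
		native_off[i] = off;
		off += (uint32_t)prog[i].words * 4;
	}
	native_off[n] = off;
}

/*
 * Check every branch before emitting code. Returns 0 when all displacements
 * are encodable, -E2BIG on the first one that is not (its BPF index goes to
 * *bad when bad != NULL), -EINVAL for a target beyond the epilogue. Assumes
 * the branch is the last word emitted for its instruction, so the
 * displacement is measured from the byte after that word (the delay slot).
 */
static int validate_branches(const struct insn *prog, size_t n, size_t *bad)
{
	uint32_t *native_off = malloc((n + 1) * sizeof *native_off);
	int ret = 0;

	if (!native_off)
		return -ENOMEM;
	layout(prog, n, native_off);

	for (size_t i = 0; i < n; i++) {
		int32_t base, b_off;

		if (!prog[i].branch)
			continue;
		if (prog[i].target > n) {
			ret = -EINVAL;
			if (bad)
				*bad = i;
			break;
		}
		base = (int32_t)(native_off[i] + (uint32_t)prog[i].words * 4);
		b_off = (int32_t)native_off[prog[i].target] - base;
		if (is_bad_offset(b_off)) {
			ret = -E2BIG;
			if (bad)
				*bad = i;
			break;
		}
	}
	free(native_off);
	return ret;
}

/*
 * Constructed sample program: n instructions of `words` native words each.
 * Forward: insn 0 branches to the epilogue (the longest forward hop).
 * Backward: the last insn branches to insn 0 (the longest backward hop).
 * Returns the validate_branches() verdict, -EINVAL for n == 0.
 */
static int check_linear_prog(size_t n, uint8_t words, bool backward)
{
	struct insn *prog;
	int ret;

	if (n == 0)
		return -EINVAL;
	prog = calloc(n, sizeof *prog);
	if (!prog)
		return -ENOMEM;
	for (size_t i = 0; i < n; i++)
		prog[i].words = words;
	if (backward) {
		prog[n - 1].branch = true;
		prog[n - 1].target = 0;
	} else {
		prog[0].branch = true;
		prog[0].target = (uint32_t)n;
	}
	ret = validate_branches(prog, n, NULL);
	free(prog);
	return ret;
}

/* What the JIT does with the verdict: on -E2BIG it declines to JIT and the
 * program stays on the interpreter, which is the "jited:0" in the After log.
 * Returns 1 for JIT'ed, 0 for interpreted. */
static int jit_or_fallback(size_t n, uint8_t words)
{
	return check_linear_prog(n, words, false) == 0 ? 1 : 0;
}

int main(void)
{
	/* 32768 one-word insns: displacement 32767 words, the last that fits. */
	printf("32768 x 1 word, forward : %d\n", check_linear_prog(32768, 1, false));
	printf("32769 x 1 word, forward : %d\n", check_linear_prog(32769, 1, false));
	/* A BPF_MAXINSNS-sized program whose insns each need a dozen native words. */
	printf("4096 x 12 words, jited  : %d\n", jit_or_fallback(4096, 12));
	printf("256 x 12 words, jited   : %d\n", jit_or_fallback(256, 12));
	return 0;
}
```

The boundary cases are the ones worth keeping in mind when reviewing a JIT: 32768 one-word instructions put the epilogue exactly 32767 words past the delay slot of a branch in instruction 0, which still encodes, and one more instruction does not; the backward limit is one word further because the field is two's complement. A large program whose instructions expand to many native words overruns the field long before BPF_MAXINSNS is reached, which is the shape of the test case in the cover letter.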


